<?php
@session_start();

require_once '../../config/config.inc';
$conn = mysql_connect(DB_HOST,DB_USER,DB_PASSWORD);
if(!$conn){
	echo mysql_error();
}
$db=mysql_select_db(DB_DATABASE);
if(!$db){
	mysql_error();
	}
if (isset($_SESSION['USER_ID'])){
	$id=$_SESSION['USER_ID'];
}
$cpass=$_POST['cpass'];
$npass=$_POST['npass'];
$confpass=$_POST['confpass'];
if (isset($_POST['submit'])){
	$cpass=md5($cpass);
	$qry=mysql_query("SELECT password FROM `user` WHERE id='$id'");
	if(!$qry){
		echo mysql_error();
		exit();
		}
		$q=mysql_fetch_array($qry);
        if ($q['password'] <> $cpass) {
           echo mysql_error()."Passwords dont match";
           exit();
         }
           else{
          
		$co=mysql_num_rows($qry);
		if($co>0){
			if($npass==$confpass){
				$npass=md5($npass);
				echo $npass;
				$change = mysql_query("update `user` SET `password`='$npass' WHERE id='$id'");
				if(!$change){
					echo mysql_error();
					exit();
				}
				
			}
		}
           }
           header("location:../profile.php?stats=success");
}else{
	echo mysql_error()."submit button is not press ";
}	

?>